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Period for Reply 
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WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
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closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G, 213. 
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DETAILED ACTION 

Claims 1-41 have been considered. Examiner thanks Applicant for his review of the previous 
action (mailed 4/21/06). Upon review of the instant Remarks, Examiner has withdrawn the previous 
rejections and indicated a new ground(s) of rejection. 

5 

Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 
1.17(e), was filed in this application after final rejection. Since this application is eligible for continued 
examination under 37 CFR 1.114, and the fee set forth in 37 CFR 117(e) has been timely paid, the 
10 finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's 
submission filed on 7/20/06 has been entered. 



Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C, 112: 

15 The specification shall conclude with one or more claims particularly pointing out and distinctly 

claiming the subject matter which the applicant regards as his invention. 



Claims 8 and 1 1 recite the limitation "the first password P B ". There is insufficient antecedent 
20 basis for this limitation in the claim. 



Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

25 (a) A patent may not be obtained though the invention is not identically disclosed or described as set 

forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

30 
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Claims 1-5,12-13,17-22,24,26, and 34-40 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Vogelesang, U.S. Patent No. 5,953,424, in view of Menezes (Menezes, Alfred J. 
Handbook of Applied Cryptography. CRC Press. 1997. pages 234-237). 



5 As per claims 1,20,21,22,24, and 38-40, the applicant describes a cryptographic method with the 

following limitations which are met by Vogelesang in view of Menezes: 

a) generating, at a first entity, a first public key M B , the first public key M B being session specific 
(Vogelesang: Col 16, lines 33-35); 

b) receiving, at a first entity, a second public key M A) the second public key M A being session 
10 specific (Vogelesang: Col 16, lines 36-38); 

c) generating, at the first entity, a first session key K 8 and a first secret S B . the first session key K B 
being different from the first secret S B , both the first session key K B and the first secret S B being computed 
from the second public key M A (Vogelesang: Col 16, lines 39-67); 

d) encrypting, at the first entity, a first random nonce N B with the first session key K B or the first 
15 secret S B to obtain a first encrypted result (Vogelesang: Col 16, lines 43-67); 

e) encrypting, at the first entity, the first encrypted result with the other one of the first session key 
K B or the first secret S B to obtain an encrypted random nonce (Vogelesang: Col 16, lines 43-67; Menezes: 
pages 234-237); 

f) transmitting the encrypted random nonce from the first entity to the second entity (Vogelesang: 
20 Col 16, lines 64-67); 

g) receiving a response to the encrypted random nonce (Vogelesang: Col 17, lines 19-24); 

h) authenticating through determining whether the response includes a correct modification of the 
first random nonce N B (Vogelesang: Col 17, lines 28-30). 

Vogelesang teaches a cryptographic method which meets limitations of the above claim (except 
25 for part e). Specifically with regards to part e), Vogelesang teaches that a first random nonce may be 
encrypted at the first entity with a session key to obtain a first encrypted result (e.g. Col 16, lines 64-67) 
(part d). Vogelesang also teaches a number of secrets that are generated using the second public key 
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(e.g. T, Y D , and other values which qualify as a "secret" under MPEP 2111). However, Vogelesang does 
not appear to suggest that the first encrypted result may be double encrypted. 

Menezes teaches that encipherment of a message more than once "may increase security" 
(Menezes: page 234). Further, illustrates the process whereby a message may be encrypted once with a 
5 first key and a second time with another key (Menezes: page 234, part (a)). Combining the ideas of 

Menezes with Vogelesang facilitates a system in which a message may be encrypted once with a first key 
(e.g. session key) (part d) and a second time with another key (e.g. secret). It would have been obvious 
to one of ordinary skill in the art at the time the invention was filed to combine the ideas of Menezes with 
those of Vogelesang because doing so may increase security. 

10 

As per claim 2, the applicant describes the method of claim 1 , which is met by Vogelesang in 
view of Menezes, with the following limitations which are also met by Vogelesang: 

a) generating the first secret S B from at least a first password P B and the first public key M 8 
(Vogelesang: Col 16, lines 39-67). 

15 

As per claims 3 and 4, the applicant describes the method of claim 1, which is met by Vogelesang 
in view of Menezes, with the following limitation which is also met by Vogelesang: 

Checking whether a received modification of the first random nonce N B equals a modification of 
the first random nonce N B applied by the first entity (Vogelesang: Col 17, lines 25-37). 

20 

As per claim 5, the applicant describes the method of claim 1 , which is met by Vogelesang in 
view of Menezes, with the following limitation which is also met by Vogelesang: 

a) generating a first random number R B (Vogelesang: Col 16, lines 39-40); 

b) computing the first session key K B from the second public key M A raised to the exponential 
25 power of the first random number R B , modulo a parameter B B (Vogelesang: Col 16, lines 39-42). 
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As per claims 12 and 13, the applicant describes the method of claim 1, which is met by 
Vogelesang in view of Menezes, with the following limitation which is also met by Vogelesang: 

Wherein the first random nonce is encrypted using a symmetrical encryption algorithm 
(Vogelesang: Col 16, lines 64-67). 

As per claims 17-19, the applicant describes the method of claim 1 , which is met by Vogelesang 
in view of Menezes, with the following limitation which is also met by Vogelesang: 

a) extracting the second random nonce N A from the response (Vogelesang: Col 16, line 39 to Col 
17, tine 28); 

b) modifying the second random nonce N A to obtain a modified second random nonce 
(Vogelesang: Col 16, line 39 to Col 17, line 28); 

c) encrypting the modified second random nonce using the first session key K B and the first 
secret S B to obtain an encrypted package (Vogelesang: Col 16, line 39 to Col 17, line 28); 

d) transmitting the encrypted package from the first entity (Vogelesang: Col 16, line 39 to Col 17, 

line 28). 

As per claim 26, the applicant describes the method of claim 24, which is met by Vogelesang in 
view of Menezes, with the following limitations which are met by Vogelesang: 

a) generating a first random number R B (Vogelesang: Col 16, lines 39-40); 

b) computing the first session key K B from the second public key M A raised to the exponential 
power of the first random number R B , modulo a parameter B B (Vogelesang: Col 16, lines 39-42). 

As per claims 34-37, the applicant describes the method of claim 24, which is met by Vogelesang 
in view of Menezes, with the following limitation which is also met by Vogelesang: 

a) generating a first random number N B (Vogelesang: Col 16, line 33 to Col 17, line 27); 

b) encrypting a combination of the first random number N B and the modified second random 
number (Vogelesang: Col 16, line 33 to Col 27, line 27). 
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Claims 6-9,11, and 27-32 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Vogelesang in view of Menezes in further view of Wu (Wu, Thomas. "The Secure Remote Password 
Protocol". November 1.1, 1997. Stanford University, pages 1-17). 

As per claims 6-9,11,27-30, and 32, the applicant describes the method of claims 1 and 27, which 
are met by Vogelesang in view of Menezes, with the following limitation which is also met by Wu: 

Wherein the first secret S B is generated using a combining function f B on at least a first password 
P B and the first public key M B (Wu: page 7). 

Vogelesang in view of Menezes teaches all the limitations of claim 1. However, Vogelesang in 
view of Menezes do not appear to teach that a secret may be generated from a combining function of a 
password and a public key. We teaches that a secret may be generated from a combining function of a 
password and a public key. It would have been obvious to one of ordinary skill in the art at the time the 
invention was filed to combine the ideas of Wu with those of Vogelesang in view of Menezes and utilize a 
combining function to create a secret because doing so facilitates a secure generation of the secret. 

As per claims 10 and 31, the applicant describes the method of claims 9 and 30, which are met 
by Vogelesang in view of Menezes in further view of Wu, with the following limitation: 

Wherein the one-way hash function is one of the Secure Hash Algorithm, the Message Digest 5, 
Snefru, Nippon Telephone and Telegraph Hash, and the Gosudarstvennyl Standard; 

Vogelesang in view of Menezes in further view of Wu teach all the limitations of claim 9. 
However, the combination appears to be silent as to what type of one-way hash function is employed. 
Examiner takes official notice that at least the Secure Hash Algorithm is common and known in the art. It 
would have been obvious to one of ordinary skill in the art to utilize the Secure Hash Algorithm because it 
is a common method of securely creating a hash. 

As per claims 14-16,25, and 33, the applicant describes the method of claim 1 and 24, which are 
met by Vogelesang in view of Menezes, with the following limitation which is met by Menezes: 
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a) wherein encrypting the first random nonce N B includes superencrypting the first random nonce 
N B (Menezes: pages 234-237); 

As per claim 41, the applicant describes the method of claim 40, which is met by Vogelesang in 
view of Menezes, with the following limitation which is also met by Vogelesang: 

Wherein the network is a network operating according to a hypertext transfer protocol and the first 
public key M B is transmitted for session key exchange before the encrypted second random number is 
received (Vogelesang: Col 1, lines 12-14; Col 16, lines 25-67). 

Claim 23 is rejected under 35 U.S.C. 103(a) as being unpatentable over Vogelesang in view of 
Menezes. 

As per claim 23, the applicant describes the system of claim 22, which is met by Vogelesang in 
view of Menezes, with the following limitation: 

A network operating according to a hypertext transfer.protocol and the first public key M 8 is 
transmitted with the encrypted random nonce for session key exchange; 

Vogelesang in view of Menezes does not disclose transmitting the first public key M B with the 
encrypted random nonce. Applicant's failure to argue the previous official notice of the subject matter of 
claim 23 is taken as acquiescence that the subject matter of claim 23 is obvious (See MPEP 2144.03). It 
would have been obvious to one of ordinary skill in the art at the time the invention was filed to transmit a 
key with a nonce because doing so is more efficient than having to make two separation transmissions for 
the key and the nonce. 

Response to Arguments 

Applicant's arguments, see Remarks, filed 7/20/06, with respect to the 102(b) rejection of claim 1 
under Vogelesang have been fully considered and are persuasive. Therefore, the rejection has been 
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withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of 
Vogelesang in view of Schneier. 

Applicant's arguments with respect to the 102(e) rejection of claim 1 under Vanstone have been 
5 fully considered and are persuasive. Therefore, the rejection has been withdrawn. 



Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Kevin Schubert whose telephone number is (571) 272-4239. The examiner can normally 
10 be reached on M-F 7:30-6:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the organization where 
this application or proceeding is assigned is 571-273-8300. 



15 Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 



Conclusion 



Information regarding the status of an application may be obtained from the Patent Application 



20 




